A start-up named Broala has been formed to expand the open-source intrusion detection system known simply as Bro that has been used in high-speed research networks for about two decades.

The Bro IDS has been used for security monitoring in high-speed networks, notably the Energy Sciences Network (ESnet), which has deployed it for about 15 years to monitor and protect its own network. The founders of Berkeley, Calif.-based Broala say they intend to maintain Bro’s open-source heritage but also to expand this core open-source code to include newer applications.

Randall says examples of what could be done further with Bro include possibly building a data-loss prevention system that might be combined with the Bro IDS or various other appliances. There’s a growing demand for professional services related to Bro, and Broala as a start-up could provide customer support, he points out.

Randall said Bro development has been funded by grants from the National Science Foundation. But the establishment of privately held Broala (which publicly reports no venture capital funding yet) is a step to further modernize Bro in a more commercial setting where demand has been building. Randall estimated that there may be as many as 10,000 organizations in both the government and private sector that use the open-source Bro IDS today.

One of the best-known Bro IDS deployments has been at ESnet. Greg Bell, scientific networking division director of ESnet, says the high-speed network supports 100Gbps speeds between 40 main Department of Energy (DoE) labs and other sites. Because ESnet was designed as a high-performance network for use by the national laboratories, such as Lawrence Berkeley National Laboratory, it has been optimized for large-scale data transfers that scientists might require, with a single data flow reaching 10Gbps.

The Bro IDS supports high speeds effectively, according to Bell, who adds it has proven to be a flexible security tool to monitor ESnet via its use on a LAN. He adds Bro isn’t used in-line to block suspected attacks but can be configured to take specific actions, such as communicating with a border router to block certain traffic.

Bro, running on FreeBSD as freely downloadable code, now has IPv6 support, Bell says. Like any IDS, it has a “learning curve” and may generate a false alert, he points out. He says the establishment of the start-up Broala appears to be a positive sign for the future of the Bro IDS.

Bro’s inventor is said to be Broala’s chief scientist Vern Paxson, who’s also professor of networking and security at the University of California, Berkeley, and director of networking and security research at the International Computer Science Institute in Berkeley.

The establishment of Broala to provide commercial support for open-source Bro bears some comparison to how the inventor of the open-source Snort IDS, Martin Roesch, founded Sourcefire in 2001 to commercialize the open-source Snort IDS he had come up with in 1998.

Randall acknowledged there’s some comparison to be made between the two open-source IDSes, Bro and Snort, but says there are at least as many differences. Others have published independent studies examining that topic, such as the one written by Pritika Mehra in the “International Journal of Advanced Research in Computer and Communications Engineering” last August, which concluded that Bro, less known in general, is more adapted to very high speeds than Snort but may be somewhat harder to set up.

Broala’s managing director Randall says there’s growing use of the open-source Bro IDS, which has strong protocol analysis features, in the corporate world. But he promised the Bro IDS under BSD license will remain open source. “It’s free for any use,” he says.